all: convert more code to use net/netip directly

perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
    perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
    perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
    perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
    perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
    perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
    goimports -w .

Then delete some stuff from the net/netaddr shim package which is no
longer neeed.

Updates #5162

Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

net/dns/config.go

@@ -7,10 +7,10 @@ package dns
 import (
 	"bufio"
 	"fmt"
+	"net/netip"
 	"sort"
 
 	"tailscale.com/net/dns/resolver"
-	"tailscale.com/net/netaddr"
 	"tailscale.com/net/tsaddr"
 	"tailscale.com/types/dnstype"
 	"tailscale.com/util/dnsname"
@@ -40,13 +40,13 @@ type Config struct {
 	// Adding an entry to Hosts merely creates the record. If you want
 	// it to resolve, you also need to add appropriate routes to
 	// Routes.
-	Hosts map[dnsname.FQDN][]netaddr.IP
+	Hosts map[dnsname.FQDN][]netip.Addr
 	// OnlyIPv6, if true, uses the IPv6 service IP (for MagicDNS)
 	// instead of the IPv4 version (100.100.100.100).
 	OnlyIPv6 bool
 }
 
-func (c *Config) serviceIP() netaddr.IP {
+func (c *Config) serviceIP() netip.Addr {
 	if c.OnlyIPv6 {
 		return tsaddr.TailscaleServiceIPv6()
 	}
@@ -143,7 +143,7 @@ func sameResolverNames(a, b []*dnstype.Resolver) bool {
 	return true
 }
 
-func sameIPs(a, b []netaddr.IP) bool {
+func sameIPs(a, b []netip.Addr) bool {
 	if len(a) != len(b) {
 		return false
 	}

net/dns/direct.go

@@ -13,6 +13,7 @@ import (
 	"io"
 	"io/fs"
 	"io/ioutil"
+	"net/netip"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -21,7 +22,6 @@ import (
 	"time"
 
 	"tailscale.com/net/dns/resolvconffile"
-	"tailscale.com/net/netaddr"
 	"tailscale.com/types/logger"
 	"tailscale.com/util/dnsname"
 	"tailscale.com/version/distro"
@@ -33,7 +33,7 @@ const (
 )
 
 // writeResolvConf writes DNS configuration in resolv.conf format to the given writer.
-func writeResolvConf(w io.Writer, servers []netaddr.IP, domains []dnsname.FQDN) error {
+func writeResolvConf(w io.Writer, servers []netip.Addr, domains []dnsname.FQDN) error {
 	c := &resolvconffile.Config{
 		Nameservers:   servers,
 		SearchDomains: domains,

net/dns/direct_test.go

@@ -16,7 +16,6 @@ import (
 	"testing"
 
 	qt "github.com/frankban/quicktest"
-	"tailscale.com/net/netaddr"
 	"tailscale.com/util/dnsname"
 )
 
@@ -82,7 +81,7 @@ func testDirect(t *testing.T, fs wholeFileFS) {
 
 	m := directManager{logf: t.Logf, fs: fs}
 	if err := m.SetDNS(OSConfig{
-		Nameservers:   []netaddr.IP{netip.MustParseAddr("8.8.8.8"), netip.MustParseAddr("8.8.4.4")},
+		Nameservers:   []netip.Addr{netip.MustParseAddr("8.8.8.8"), netip.MustParseAddr("8.8.4.4")},
 		SearchDomains: []dnsname.FQDN{"ts.net.", "ts-dns.test."},
 		MatchDomains:  []dnsname.FQDN{"ignored."},
 	}); err != nil {
@@ -109,7 +108,7 @@ search ts.net ts-dns.test
 	assertBaseState(t)
 
 	// Test that Close cleans up resolv.conf.
-	if err := m.SetDNS(OSConfig{Nameservers: []netaddr.IP{netip.MustParseAddr("8.8.8.8")}}); err != nil {
+	if err := m.SetDNS(OSConfig{Nameservers: []netip.Addr{netip.MustParseAddr("8.8.8.8")}}); err != nil {
 		t.Fatal(err)
 	}
 	if err := m.Close(); err != nil {
@@ -150,21 +149,21 @@ func TestReadResolve(t *testing.T) {
 	}{
 		{in: `nameserver 192.168.0.100`,
 			want: OSConfig{
-				Nameservers: []netaddr.IP{
+				Nameservers: []netip.Addr{
 					netip.MustParseAddr("192.168.0.100"),
 				},
 			},
 		},
 		{in: `nameserver 192.168.0.100 # comment`,
 			want: OSConfig{
-				Nameservers: []netaddr.IP{
+				Nameservers: []netip.Addr{
 					netip.MustParseAddr("192.168.0.100"),
 				},
 			},
 		},
 		{in: `nameserver 192.168.0.100#`,
 			want: OSConfig{
-				Nameservers: []netaddr.IP{
+				Nameservers: []netip.Addr{
 					netip.MustParseAddr("192.168.0.100"),
 				},
 			},

net/dns/manager.go

@@ -11,13 +11,13 @@ import (
 	"errors"
 	"io"
 	"net"
+	"net/netip"
 	"runtime"
 	"sync/atomic"
 	"time"
 
 	"tailscale.com/health"
 	"tailscale.com/net/dns/resolver"
-	"tailscale.com/net/netaddr"
 	"tailscale.com/net/packet"
 	"tailscale.com/net/tsaddr"
 	"tailscale.com/net/tsdial"
@@ -67,7 +67,7 @@ const reconfigTimeout = time.Second
 
 type response struct {
 	pkt []byte
-	to  netaddr.IPPort // response destination (request source)
+	to  netip.AddrPort // response destination (request source)
 }
 
 // Manager manages system DNS settings.
@@ -175,7 +175,7 @@ func (m *Manager) compileConfig(cfg Config) (rcfg resolver.Config, ocfg OSConfig
 		// through quad-100.
 		rcfg.Routes = routes
 		rcfg.Routes["."] = cfg.DefaultResolvers
-		ocfg.Nameservers = []netaddr.IP{cfg.serviceIP()}
+		ocfg.Nameservers = []netip.Addr{cfg.serviceIP()}
 		return rcfg, ocfg, nil
 	}
 
@@ -212,7 +212,7 @@ func (m *Manager) compileConfig(cfg Config) (rcfg resolver.Config, ocfg OSConfig
 	// or routes + MagicDNS, or just MagicDNS, or on an OS that cannot
 	// split-DNS. Install a split config pointing at quad-100.
 	rcfg.Routes = routes
-	ocfg.Nameservers = []netaddr.IP{cfg.serviceIP()}
+	ocfg.Nameservers = []netip.Addr{cfg.serviceIP()}
 
 	// If the OS can't do native split-dns, read out the underlying
 	// resolver config and blend it into our config.
@@ -239,7 +239,7 @@ func (m *Manager) compileConfig(cfg Config) (rcfg resolver.Config, ocfg OSConfig
 // toIPsOnly returns only the IP portion of dnstype.Resolver.
 // Only safe to use if the resolvers slice has been cleared of
 // DoH or custom-port entries with something like hasDefaultIPResolversOnly.
-func toIPsOnly(resolvers []*dnstype.Resolver) (ret []netaddr.IP) {
+func toIPsOnly(resolvers []*dnstype.Resolver) (ret []netip.Addr) {
 	for _, r := range resolvers {
 		if ipp, ok := r.IPPort(); ok && ipp.Port() == 53 {
 			ret = append(ret, ipp.Addr())
@@ -252,7 +252,7 @@ func toIPsOnly(resolvers []*dnstype.Resolver) (ret []netaddr.IP) {
 // called with a DNS request payload.
 //
 // TODO(tom): Rip out once all platforms use netstack.
-func (m *Manager) EnqueuePacket(bs []byte, proto ipproto.Proto, from, to netaddr.IPPort) error {
+func (m *Manager) EnqueuePacket(bs []byte, proto ipproto.Proto, from, to netip.AddrPort) error {
 	if to.Port() != 53 || proto != ipproto.UDP {
 		return nil
 	}
@@ -334,7 +334,7 @@ func (m *Manager) NextPacket() ([]byte, error) {
 // Query executes a DNS query recieved from the given address. The query is
 // provided in bs as a wire-encoded DNS query without any transport header.
 // This method is called for requests arriving over UDP and TCP.
-func (m *Manager) Query(ctx context.Context, bs []byte, from netaddr.IPPort) ([]byte, error) {
+func (m *Manager) Query(ctx context.Context, bs []byte, from netip.AddrPort) ([]byte, error) {
 	select {
 	case <-m.ctx.Done():
 		return nil, net.ErrClosed
@@ -368,7 +368,7 @@ type dnsTCPSession struct {
 	m *Manager
 
 	conn    net.Conn
-	srcAddr netaddr.IPPort
+	srcAddr netip.AddrPort
 
 	readClosing chan struct{}
 	responses   chan []byte // DNS replies pending writing
@@ -455,7 +455,7 @@ func (s *dnsTCPSession) handleReads() {
 
 // HandleTCPConn implements magicDNS over TCP, taking a connection and
 // servicing DNS requests sent down it.
-func (m *Manager) HandleTCPConn(conn net.Conn, srcAddr netaddr.IPPort) {
+func (m *Manager) HandleTCPConn(conn net.Conn, srcAddr netip.AddrPort) {
 	s := dnsTCPSession{
 		m:           m,
 		conn:        conn,

net/dns/manager_tcp_test.go

@@ -8,11 +8,11 @@ import (
 	"encoding/binary"
 	"io"
 	"net"
+	"net/netip"
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
 	dns "golang.org/x/net/dns/dnsmessage"
-	"tailscale.com/net/netaddr"
 	"tailscale.com/net/tsdial"
 	"tailscale.com/util/dnsname"
 )
@@ -73,7 +73,7 @@ func TestDNSOverTCP(t *testing.T) {
 
 	c, s := net.Pipe()
 	defer s.Close()
-	go m.HandleTCPConn(s, netaddr.IPPort{})
+	go m.HandleTCPConn(s, netip.AddrPort{})
 	defer c.Close()
 
 	wantResults := map[dnsname.FQDN]string{

net/dns/manager_test.go

@@ -13,7 +13,6 @@ import (
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
 	"tailscale.com/net/dns/resolver"
-	"tailscale.com/net/netaddr"
 	"tailscale.com/net/tsdial"
 	"tailscale.com/types/dnstype"
 	"tailscale.com/util/dnsname"
@@ -394,8 +393,8 @@ func TestManager(t *testing.T) {
 		},
 	}
 
-	trIP := cmp.Transformer("ipStr", func(ip netaddr.IP) string { return ip.String() })
-	trIPPort := cmp.Transformer("ippStr", func(ipp netaddr.IPPort) string {
+	trIP := cmp.Transformer("ipStr", func(ip netip.Addr) string { return ip.String() })
+	trIPPort := cmp.Transformer("ippStr", func(ipp netip.AddrPort) string {
 		if ipp.Port() == 53 {
 			return ipp.Addr().String()
 		}
@@ -424,14 +423,14 @@ func TestManager(t *testing.T) {
 	}
 }
 
-func mustIPs(strs ...string) (ret []netaddr.IP) {
+func mustIPs(strs ...string) (ret []netip.Addr) {
 	for _, s := range strs {
 		ret = append(ret, netip.MustParseAddr(s))
 	}
 	return ret
 }
 
-func mustIPPs(strs ...string) (ret []netaddr.IPPort) {
+func mustIPPs(strs ...string) (ret []netip.AddrPort) {
 	for _, s := range strs {
 		ret = append(ret, netip.MustParseAddrPort(s))
 	}
@@ -456,9 +455,9 @@ func fqdns(strs ...string) (ret []dnsname.FQDN) {
 	return ret
 }
 
-func hosts(strs ...string) (ret map[dnsname.FQDN][]netaddr.IP) {
+func hosts(strs ...string) (ret map[dnsname.FQDN][]netip.Addr) {
 	var key dnsname.FQDN
-	ret = map[dnsname.FQDN][]netaddr.IP{}
+	ret = map[dnsname.FQDN][]netip.Addr{}
 	for _, s := range strs {
 		if ip, err := netip.ParseAddr(s); err == nil {
 			if key == "" {

net/dns/manager_windows.go

@@ -90,7 +90,7 @@ func delValue(key registry.Key, name string) error {
 // system's "primary" resolver.
 //
 // If no resolvers are provided, the Tailscale NRPT rules are deleted.
-func (m windowsManager) setSplitDNS(resolvers []netaddr.IP, domains []dnsname.FQDN) error {
+func (m windowsManager) setSplitDNS(resolvers []netip.Addr, domains []dnsname.FQDN) error {
 	if m.nrptDB == nil {
 		if resolvers == nil {
 			// Just a no-op in this case.
@@ -118,7 +118,7 @@ func (m windowsManager) setSplitDNS(resolvers []netaddr.IP, domains []dnsname.FQ
 // "primary" resolvers.
 // domains can be set without resolvers, which just contributes new
 // paths to the global DNS search list.
-func (m windowsManager) setPrimaryDNS(resolvers []netaddr.IP, domains []dnsname.FQDN) error {
+func (m windowsManager) setPrimaryDNS(resolvers []netip.Addr, domains []dnsname.FQDN) error {
 	var ipsv4 []string
 	var ipsv6 []string
 
@@ -347,7 +347,7 @@ func (m windowsManager) GetBaseConfig() (OSConfig, error) {
 // It's used on Windows 7 to emulate split DNS by trying to figure out
 // what the "previous" primary resolver was. It might be wrong, or
 // incomplete.
-func (m windowsManager) getBasePrimaryResolver() (resolvers []netaddr.IP, err error) {
+func (m windowsManager) getBasePrimaryResolver() (resolvers []netip.Addr, err error) {
 	tsGUID, err := windows.GUIDFromString(m.guid)
 	if err != nil {
 		return nil, err
@@ -422,7 +422,7 @@ func (m windowsManager) getBasePrimaryResolver() (resolvers []netaddr.IP, err er
 	return resolvers, nil
 }
 
-var siteLocalResolvers = []netaddr.IP{
+var siteLocalResolvers = []netip.Addr{
 	netip.MustParseAddr("fec0:0:0:ffff::1"),
 	netip.MustParseAddr("fec0:0:0:ffff::2"),
 	netip.MustParseAddr("fec0:0:0:ffff::3"),

net/dns/manager_windows_test.go

@@ -15,7 +15,6 @@ import (
 
 	"golang.org/x/sys/windows"
 	"golang.org/x/sys/windows/registry"
-	"tailscale.com/net/netaddr"
 	"tailscale.com/util/dnsname"
 	"tailscale.com/util/winutil"
 )
@@ -92,7 +91,7 @@ func TestManagerWindowsGPMove(t *testing.T) {
 	// Upon initialization of cfg, we should not have any NRPT rules
 	ensureNoRules(t)
 
-	resolvers := []netaddr.IP{netip.MustParseAddr("1.1.1.1")}
+	resolvers := []netip.Addr{netip.MustParseAddr("1.1.1.1")}
 	domains := genRandomSubdomains(t, 1)
 
 	// 1. Populate local NRPT
@@ -216,7 +215,7 @@ func runTest(t *testing.T, isLocal bool) {
 	// Upon initialization of cfg, we should not have any NRPT rules
 	ensureNoRules(t)
 
-	resolvers := []netaddr.IP{netip.MustParseAddr("1.1.1.1")}
+	resolvers := []netip.Addr{netip.MustParseAddr("1.1.1.1")}
 
 	domains := genRandomSubdomains(t, 2*nrptMaxDomainsPerRule+1)
 

net/dns/nm.go

@@ -16,7 +16,6 @@ import (
 
 	"github.com/godbus/dbus/v5"
 	"tailscale.com/net/interfaces"
-	"tailscale.com/net/netaddr"
 	"tailscale.com/util/dnsname"
 	"tailscale.com/util/endian"
 )
@@ -294,7 +293,7 @@ func (m *nmManager) GetBaseConfig() (OSConfig, error) {
 	}
 
 	type dnsPrio struct {
-		resolvers []netaddr.IP
+		resolvers []netip.Addr
 		domains   []string
 		priority  int32
 	}
@@ -342,7 +341,7 @@ func (m *nmManager) GetBaseConfig() (OSConfig, error) {
 
 	var (
 		ret           OSConfig
-		seenResolvers = map[netaddr.IP]bool{}
+		seenResolvers = map[netip.Addr]bool{}
 		seenSearch    = map[string]bool{}
 	)
 

net/dns/osconfig.go

@@ -6,8 +6,8 @@ package dns
 
 import (
 	"errors"
+	"net/netip"
 
-	"tailscale.com/net/netaddr"
 	"tailscale.com/util/dnsname"
 )
 
@@ -40,7 +40,7 @@ type OSConfigurator interface {
 // OSConfig is an OS DNS configuration.
 type OSConfig struct {
 	// Nameservers are the IP addresses of the nameservers to use.
-	Nameservers []netaddr.IP
+	Nameservers []netip.Addr
 	// SearchDomains are the domain suffixes to use when expanding
 	// single-label name queries. SearchDomains is additive to
 	// whatever non-Tailscale search domains the OS has.

net/dns/publicdns/publicdns.go

@@ -9,31 +9,29 @@ package publicdns
 import (
 	"net/netip"
 	"sync"
-
-	"tailscale.com/net/netaddr"
 )
 
-var knownDoH = map[netaddr.IP]string{} // 8.8.8.8 => "https://..."
-var dohIPsOfBase = map[string][]netaddr.IP{}
+var knownDoH = map[netip.Addr]string{} // 8.8.8.8 => "https://..."
+var dohIPsOfBase = map[string][]netip.Addr{}
 var populateOnce sync.Once
 
 // KnownDoH returns a map of well-known public DNS IPs to their DoH URL.
 // The returned map should not be modified.
-func KnownDoH() map[netaddr.IP]string {
+func KnownDoH() map[netip.Addr]string {
 	populateOnce.Do(populate)
 	return knownDoH
 }
 
 // DoHIPsOfBase returns a map of DNS server IP addresses keyed
 // by their DoH URL. It is the inverse of KnownDoH.
-func DoHIPsOfBase() map[string][]netaddr.IP {
+func DoHIPsOfBase() map[string][]netip.Addr {
 	populateOnce.Do(populate)
 	return dohIPsOfBase
 }
 
 // DoHV6 returns the first IPv6 DNS address from a given public DNS provider
 // if found, along with a boolean indicating success.
-func DoHV6(base string) (ip netaddr.IP, ok bool) {
+func DoHV6(base string) (ip netip.Addr, ok bool) {
 	populateOnce.Do(populate)
 	for _, ip := range dohIPsOfBase[base] {
 		if ip.Is6() {
@@ -43,7 +41,7 @@ func DoHV6(base string) (ip netaddr.IP, ok bool) {
 	return ip, false
 }
 
-// addDoH parses a given well-formed ip string into a netaddr.IP type and
+// addDoH parses a given well-formed ip string into a netip.Addr type and
 // adds it to both knownDoH and dohIPsOFBase maps.
 func addDoH(ipStr, base string) {
 	ip := netip.MustParseAddr(ipStr)

net/dns/publicdns/publicdns_test.go

@@ -7,8 +7,6 @@ package publicdns
 import (
 	"net/netip"
 	"testing"
-
-	"tailscale.com/net/netaddr"
 )
 
 func TestInit(t *testing.T) {
@@ -24,12 +22,12 @@ func TestInit(t *testing.T) {
 func TestDohV6(t *testing.T) {
 	tests := []struct {
 		in      string
-		firstIP netaddr.IP
+		firstIP netip.Addr
 		want    bool
 	}{
 		{"https://cloudflare-dns.com/dns-query", netip.MustParseAddr("2606:4700:4700::1111"), true},
 		{"https://dns.google/dns-query", netip.MustParseAddr("2001:4860:4860::8888"), true},
-		{"bogus", netaddr.IP{}, false},
+		{"bogus", netip.Addr{}, false},
 	}
 	for _, test := range tests {
 		t.Run(test.in, func(t *testing.T) {

net/dns/resolvconffile/resolvconffile.go

@@ -20,7 +20,6 @@ import (
 	"os"
 	"strings"
 
-	"tailscale.com/net/netaddr"
 	"tailscale.com/util/dnsname"
 )
 
@@ -30,7 +29,7 @@ const Path = "/etc/resolv.conf"
 // Config represents a resolv.conf(5) file.
 type Config struct {
 	// Nameservers are the IP addresses of the nameservers to use.
-	Nameservers []netaddr.IP
+	Nameservers []netip.Addr
 
 	// SearchDomains are the domain suffixes to use when expanding
 	// single-label name queries. SearchDomains is additive to

net/dns/resolvconffile/resolvconffile_test.go

@@ -10,7 +10,6 @@ import (
 	"strings"
 	"testing"
 
-	"tailscale.com/net/netaddr"
 	"tailscale.com/util/dnsname"
 )
 
@@ -22,21 +21,21 @@ func TestParse(t *testing.T) {
 	}{
 		{in: `nameserver 192.168.0.100`,
 			want: &Config{
-				Nameservers: []netaddr.IP{
+				Nameservers: []netip.Addr{
 					netip.MustParseAddr("192.168.0.100"),
 				},
 			},
 		},
 		{in: `nameserver 192.168.0.100 # comment`,
 			want: &Config{
-				Nameservers: []netaddr.IP{
+				Nameservers: []netip.Addr{
 					netip.MustParseAddr("192.168.0.100"),
 				},
 			},
 		},
 		{in: `nameserver 192.168.0.100#`,
 			want: &Config{
-				Nameservers: []netaddr.IP{
+				Nameservers: []netip.Addr{
 					netip.MustParseAddr("192.168.0.100"),
 				},
 			},

net/dns/resolver/forwarder.go

@@ -15,6 +15,7 @@ import (
 	"math/rand"
 	"net"
 	"net/http"
+	"net/netip"
 	"net/url"
 	"runtime"
 	"sort"
@@ -28,7 +29,6 @@ import (
 	"tailscale.com/hostinfo"
 	"tailscale.com/net/dns/publicdns"
 	"tailscale.com/net/dnscache"
-	"tailscale.com/net/netaddr"
 	"tailscale.com/net/neterror"
 	"tailscale.com/net/netns"
 	"tailscale.com/net/tsdial"
@@ -367,7 +367,7 @@ func (f *forwarder) setRoutes(routesBySuffix map[dnsname.FQDN][]*dnstype.Resolve
 
 var stdNetPacketListener nettype.PacketListenerWithNetIP = nettype.MakePacketListenerWithNetIP(new(net.ListenConfig))
 
-func (f *forwarder) packetListener(ip netaddr.IP) (nettype.PacketListenerWithNetIP, error) {
+func (f *forwarder) packetListener(ip netip.Addr) (nettype.PacketListenerWithNetIP, error) {
 	if f.linkSel == nil || initListenConfig == nil {
 		return stdNetPacketListener, nil
 	}

net/dns/resolver/tsdns.go

@@ -54,7 +54,7 @@ var (
 
 type packet struct {
 	bs   []byte
-	addr netaddr.IPPort // src for a request, dst for a response
+	addr netip.AddrPort // src for a request, dst for a response
 }
 
 // Config is a resolver configuration.
@@ -70,7 +70,7 @@ type Config struct {
 	// To register a "default route", add an entry for ".".
 	Routes map[dnsname.FQDN][]*dnstype.Resolver
 	// LocalHosts is a map of FQDNs to corresponding IPs.
-	Hosts map[dnsname.FQDN][]netaddr.IP
+	Hosts map[dnsname.FQDN][]netip.Addr
 	// LocalDomains is a list of DNS name suffixes that should not be
 	// routed to upstream resolvers.
 	LocalDomains []dnsname.FQDN
@@ -106,7 +106,7 @@ func (c *Config) WriteToBufioWriter(w *bufio.Writer) {
 }
 
 // WriteIPPorts writes vv to w.
-func WriteIPPorts(w *bufio.Writer, vv []netaddr.IPPort) {
+func WriteIPPorts(w *bufio.Writer, vv []netip.AddrPort) {
 	w.WriteByte('[')
 	var b []byte
 	for i, v := range vv {
@@ -193,15 +193,15 @@ type Resolver struct {
 	// mu guards the following fields from being updated while used.
 	mu           sync.Mutex
 	localDomains []dnsname.FQDN
-	hostToIP     map[dnsname.FQDN][]netaddr.IP
-	ipToHost     map[netaddr.IP]dnsname.FQDN
+	hostToIP     map[dnsname.FQDN][]netip.Addr
+	ipToHost     map[netip.Addr]dnsname.FQDN
 }
 
 type ForwardLinkSelector interface {
 	// PickLink returns which network device should be used to query
 	// the DNS server at the given IP.
 	// The empty string means to use an unspecified default.
-	PickLink(netaddr.IP) (linkName string)
+	PickLink(netip.Addr) (linkName string)
 }
 
 // New returns a new resolver.
@@ -214,8 +214,8 @@ func New(logf logger.Logf, linkMon *monitor.Mon, linkSel ForwardLinkSelector, di
 		logf:     logger.WithPrefix(logf, "resolver: "),
 		linkMon:  linkMon,
 		closed:   make(chan struct{}),
-		hostToIP: map[dnsname.FQDN][]netaddr.IP{},
-		ipToHost: map[netaddr.IP]dnsname.FQDN{},
+		hostToIP: map[dnsname.FQDN][]netip.Addr{},
+		ipToHost: map[netip.Addr]dnsname.FQDN{},
 		dialer:   dialer,
 	}
 	r.forwarder = newForwarder(r.logf, linkMon, linkSel, dialer)
@@ -229,7 +229,7 @@ func (r *Resolver) SetConfig(cfg Config) error {
 		r.saveConfigForTests(cfg)
 	}
 
-	reverse := make(map[netaddr.IP]dnsname.FQDN, len(cfg.Hosts))
+	reverse := make(map[netip.Addr]dnsname.FQDN, len(cfg.Hosts))
 
 	for host, ips := range cfg.Hosts {
 		for _, ip := range ips {
@@ -266,7 +266,7 @@ func (r *Resolver) Close() {
 // bound on per-query resource usage.
 const dnsQueryTimeout = 10 * time.Second
 
-func (r *Resolver) Query(ctx context.Context, bs []byte, from netaddr.IPPort) ([]byte, error) {
+func (r *Resolver) Query(ctx context.Context, bs []byte, from netip.AddrPort) ([]byte, error) {
 	metricDNSQueryLocal.Add(1)
 	select {
 	case <-r.closed:
@@ -323,7 +323,7 @@ func parseExitNodeQuery(q []byte) *response {
 // still result in a response DNS packet (saying there's a failure)
 // and a nil error.
 // TODO: figure out if we even need an error result.
-func (r *Resolver) HandleExitNodeDNSQuery(ctx context.Context, q []byte, from netaddr.IPPort, allowName func(name string) bool) (res []byte, err error) {
+func (r *Resolver) HandleExitNodeDNSQuery(ctx context.Context, q []byte, from netip.AddrPort, allowName func(name string) bool) (res []byte, err error) {
 	metricDNSExitProxyQuery.Add(1)
 	ch := make(chan packet, 1)
 
@@ -489,7 +489,7 @@ func isGoNoSuchHostError(err error) bool {
 type resolvConfCache struct {
 	mod  time.Time
 	size int64
-	ip   netaddr.IP
+	ip   netip.Addr
 	// TODO: inode/dev?
 }
 
@@ -501,10 +501,10 @@ var errEmptyResolvConf = errors.New("resolv.conf has no nameservers")
 
 // stubResolverForOS returns the IP address of the first nameserver in
 // /etc/resolv.conf.
-func stubResolverForOS() (ip netaddr.IP, err error) {
+func stubResolverForOS() (ip netip.Addr, err error) {
 	fi, err := os.Stat(resolvconffile.Path)
 	if err != nil {
-		return netaddr.IP{}, err
+		return netip.Addr{}, err
 	}
 	cur := resolvConfCache{
 		mod:  fi.ModTime(),
@@ -515,10 +515,10 @@ func stubResolverForOS() (ip netaddr.IP, err error) {
 	}
 	conf, err := resolvconffile.ParseFile(resolvconffile.Path)
 	if err != nil {
-		return netaddr.IP{}, err
+		return netip.Addr{}, err
 	}
 	if len(conf.Nameservers) == 0 {
-		return netaddr.IP{}, errEmptyResolvConf
+		return netip.Addr{}, errEmptyResolvConf
 	}
 	ip = conf.Nameservers[0]
 	cur.ip = ip
@@ -531,12 +531,12 @@ func stubResolverForOS() (ip netaddr.IP, err error) {
 // typ (A, AAAA, ALL).
 // Returns dns.RCodeRefused to indicate that the local map is not
 // authoritative for domain.
-func (r *Resolver) resolveLocal(domain dnsname.FQDN, typ dns.Type) (netaddr.IP, dns.RCode) {
+func (r *Resolver) resolveLocal(domain dnsname.FQDN, typ dns.Type) (netip.Addr, dns.RCode) {
 	metricDNSResolveLocal.Add(1)
 	// Reject .onion domains per RFC 7686.
 	if dnsname.HasSuffix(domain.WithoutTrailingDot(), ".onion") {
 		metricDNSResolveLocalErrorOnion.Add(1)
-		return netaddr.IP{}, dns.RCodeNameError
+		return netip.Addr{}, dns.RCodeNameError
 	}
 
 	// We return a symbolic domain if someone does a reverse lookup on the
@@ -566,11 +566,11 @@ func (r *Resolver) resolveLocal(domain dnsname.FQDN, typ dns.Type) (netaddr.IP,
 			if suffix.Contains(domain) {
 				// We are authoritative for the queried domain.
 				metricDNSResolveLocalErrorMissing.Add(1)
-				return netaddr.IP{}, dns.RCodeNameError
+				return netip.Addr{}, dns.RCodeNameError
 			}
 		}
 		// Not authoritative, signal that forwarding is advisable.
-		return netaddr.IP{}, dns.RCodeRefused
+		return netip.Addr{}, dns.RCodeRefused
 	}
 
 	// Refactoring note: this must happen after we check suffixes,
@@ -588,7 +588,7 @@ func (r *Resolver) resolveLocal(domain dnsname.FQDN, typ dns.Type) (netaddr.IP,
 			}
 		}
 		metricDNSResolveLocalNoA.Add(1)
-		return netaddr.IP{}, dns.RCodeSuccess
+		return netip.Addr{}, dns.RCodeSuccess
 	case dns.TypeAAAA:
 		for _, ip := range addrs {
 			if ip.Is6() {
@@ -597,14 +597,14 @@ func (r *Resolver) resolveLocal(domain dnsname.FQDN, typ dns.Type) (netaddr.IP,
 			}
 		}
 		metricDNSResolveLocalNoAAAA.Add(1)
-		return netaddr.IP{}, dns.RCodeSuccess
+		return netip.Addr{}, dns.RCodeSuccess
 	case dns.TypeALL:
 		// Answer with whatever we've got.
 		// It could be IPv4, IPv6, or a zero addr.
 		// TODO: Return all available resolutions (A and AAAA, if we have them).
 		if len(addrs) == 0 {
 			metricDNSResolveLocalNoAll.Add(1)
-			return netaddr.IP{}, dns.RCodeSuccess
+			return netip.Addr{}, dns.RCodeSuccess
 		}
 		metricDNSResolveLocalOKAll.Add(1)
 		return addrs[0], dns.RCodeSuccess
@@ -614,7 +614,7 @@ func (r *Resolver) resolveLocal(domain dnsname.FQDN, typ dns.Type) (netaddr.IP,
 	// DNS semantics and might be implemented in the future.
 	case dns.TypeNS, dns.TypeSOA, dns.TypeAXFR, dns.TypeHINFO:
 		metricDNSResolveNotImplType.Add(1)
-		return netaddr.IP{}, dns.RCodeNotImplemented
+		return netip.Addr{}, dns.RCodeNotImplemented
 
 	// For everything except for the few types above that are explicitly not implemented, return no records.
 	// This is what other DNS systems do: always return NOERROR
@@ -625,7 +625,7 @@ func (r *Resolver) resolveLocal(domain dnsname.FQDN, typ dns.Type) (netaddr.IP,
 	default:
 		metricDNSResolveNoRecordType.Add(1)
 		// The name exists, but no records exist of the requested type.
-		return netaddr.IP{}, dns.RCodeSuccess
+		return netip.Addr{}, dns.RCodeSuccess
 	}
 }
 
@@ -639,13 +639,13 @@ func (r *Resolver) resolveLocal(domain dnsname.FQDN, typ dns.Type) (netaddr.IP,
 // (2022-06-02) to work around an issue in Chrome where it would treat
 // "http://via-1.1.2.3.4" as a search string instead of a URL. We should rip out
 // the old format in early 2023.
-func (r *Resolver) parseViaDomain(domain dnsname.FQDN, typ dns.Type) (netaddr.IP, bool) {
+func (r *Resolver) parseViaDomain(domain dnsname.FQDN, typ dns.Type) (netip.Addr, bool) {
 	fqdn := string(domain.WithoutTrailingDot())
 	if typ != dns.TypeAAAA {
-		return netaddr.IP{}, false
+		return netip.Addr{}, false
 	}
 	if len(fqdn) < len("via-X.0.0.0.0") {
-		return netaddr.IP{}, false // too short to be valid
+		return netip.Addr{}, false // too short to be valid
 	}
 
 	var siteID string
@@ -653,18 +653,18 @@ func (r *Resolver) parseViaDomain(domain dnsname.FQDN, typ dns.Type) (netaddr.IP
 	if strings.HasPrefix(fqdn, "via-") {
 		firstDot := strings.Index(fqdn, ".")
 		if firstDot < 0 {
-			return netaddr.IP{}, false // missing dot delimiters
+			return netip.Addr{}, false // missing dot delimiters
 		}
 		siteID = fqdn[len("via-"):firstDot]
 		ip4Str = fqdn[firstDot+1:]
 	} else {
 		lastDot := strings.LastIndex(fqdn, ".")
 		if lastDot < 0 {
-			return netaddr.IP{}, false // missing dot delimiters
+			return netip.Addr{}, false // missing dot delimiters
 		}
 		suffix := fqdn[lastDot+1:]
 		if !strings.HasPrefix(suffix, "via-") {
-			return netaddr.IP{}, false
+			return netip.Addr{}, false
 		}
 		siteID = suffix[len("via-"):]
 		ip4Str = fqdn[:lastDot]
@@ -672,22 +672,22 @@ func (r *Resolver) parseViaDomain(domain dnsname.FQDN, typ dns.Type) (netaddr.IP
 
 	ip4, err := netip.ParseAddr(ip4Str)
 	if err != nil {
-		return netaddr.IP{}, false // badly formed, dont respond
+		return netip.Addr{}, false // badly formed, dont respond
 	}
 
 	prefix, err := strconv.ParseUint(siteID, 0, 32)
 	if err != nil {
-		return netaddr.IP{}, false // badly formed, dont respond
+		return netip.Addr{}, false // badly formed, dont respond
 	}
 
-	// MapVia will never error when given an ipv4 netaddr.IPPrefix.
+	// MapVia will never error when given an ipv4 netip.Prefix.
 	out, _ := tsaddr.MapVia(uint32(prefix), netip.PrefixFrom(ip4, ip4.BitLen()))
 	return out.Addr(), true
 }
 
 // resolveReverse returns the unique domain name that maps to the given address.
 func (r *Resolver) resolveLocalReverse(name dnsname.FQDN) (dnsname.FQDN, dns.RCode) {
-	var ip netaddr.IP
+	var ip netip.Addr
 	var ok bool
 	switch {
 	case strings.HasSuffix(name.WithTrailingDot(), rdnsv4Suffix):
@@ -717,7 +717,7 @@ func (r *Resolver) resolveLocalReverse(name dnsname.FQDN) (dnsname.FQDN, dns.RCo
 }
 
 // r.mu must be held.
-func (r *Resolver) fqdnForIPLocked(ip netaddr.IP, name dnsname.FQDN) (dnsname.FQDN, dns.RCode) {
+func (r *Resolver) fqdnForIPLocked(ip netip.Addr, name dnsname.FQDN) (dnsname.FQDN, dns.RCode) {
 	// If someone curiously does a reverse lookup on the DNS IP, we
 	// return a domain that helps indicate that Tailscale is using
 	// this IP for a special purpose and it is not a node on their
@@ -749,8 +749,8 @@ type response struct {
 
 	// IP and IPs are the responses to an A, AAAA, or ALL query.
 	// Either/both/neither can be populated.
-	IP  netaddr.IP
-	IPs []netaddr.IP
+	IP  netip.Addr
+	IPs []netip.Addr
 
 	// TXT is the response to a TXT query.
 	// Each one is its own RR with one string.
@@ -809,7 +809,7 @@ func (p *dnsParser) parseQuery(query []byte) error {
 
 // marshalARecord serializes an A record into an active builder.
 // The caller may continue using the builder following the call.
-func marshalARecord(name dns.Name, ip netaddr.IP, builder *dns.Builder) error {
+func marshalARecord(name dns.Name, ip netip.Addr, builder *dns.Builder) error {
 	var answer dns.AResource
 
 	answerHeader := dns.ResourceHeader{
@@ -825,7 +825,7 @@ func marshalARecord(name dns.Name, ip netaddr.IP, builder *dns.Builder) error {
 
 // marshalAAAARecord serializes an AAAA record into an active builder.
 // The caller may continue using the builder following the call.
-func marshalAAAARecord(name dns.Name, ip netaddr.IP, builder *dns.Builder) error {
+func marshalAAAARecord(name dns.Name, ip netip.Addr, builder *dns.Builder) error {
 	var answer dns.AAAAResource
 
 	answerHeader := dns.ResourceHeader{
@@ -839,7 +839,7 @@ func marshalAAAARecord(name dns.Name, ip netaddr.IP, builder *dns.Builder) error
 	return builder.AAAAResource(answerHeader, answer)
 }
 
-func marshalIP(name dns.Name, ip netaddr.IP, builder *dns.Builder) error {
+func marshalIP(name dns.Name, ip netip.Addr, builder *dns.Builder) error {
 	if ip.Is4() {
 		return marshalARecord(name, ip, builder)
 	}
@@ -1066,14 +1066,14 @@ func rawNameToLower(name []byte) string {
 //   4.3.2.1.in-addr.arpa
 // is transformed to
 //   1.2.3.4
-func rdnsNameToIPv4(name dnsname.FQDN) (ip netaddr.IP, ok bool) {
+func rdnsNameToIPv4(name dnsname.FQDN) (ip netip.Addr, ok bool) {
 	s := strings.TrimSuffix(name.WithTrailingDot(), rdnsv4Suffix)
 	ip, err := netip.ParseAddr(s)
 	if err != nil {
-		return netaddr.IP{}, false
+		return netip.Addr{}, false
 	}
 	if !ip.Is4() {
-		return netaddr.IP{}, false
+		return netip.Addr{}, false
 	}
 	b := ip.As4()
 	return netaddr.IPv4(b[3], b[2], b[1], b[0]), true
@@ -1085,14 +1085,14 @@ func rdnsNameToIPv4(name dnsname.FQDN) (ip netaddr.IP, ok bool) {
 //   b.a.9.8.7.6.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
 // is transformed to
 //   2001:db8::567:89ab
-func rdnsNameToIPv6(name dnsname.FQDN) (ip netaddr.IP, ok bool) {
+func rdnsNameToIPv6(name dnsname.FQDN) (ip netip.Addr, ok bool) {
 	var b [32]byte
 	var ipb [16]byte
 
 	s := strings.TrimSuffix(name.WithTrailingDot(), rdnsv6Suffix)
 	// 32 nibbles and 31 dots between them.
 	if len(s) != 63 {
-		return netaddr.IP{}, false
+		return netip.Addr{}, false
 	}
 
 	// Dots and hex digits alternate.
@@ -1101,7 +1101,7 @@ func rdnsNameToIPv6(name dnsname.FQDN) (ip netaddr.IP, ok bool) {
 	for i, j := len(s)-1, 0; i >= 0; i-- {
 		thisDot := (s[i] == '.')
 		if prevDot == thisDot {
-			return netaddr.IP{}, false
+			return netip.Addr{}, false
 		}
 		prevDot = thisDot
 
@@ -1115,7 +1115,7 @@ func rdnsNameToIPv6(name dnsname.FQDN) (ip netaddr.IP, ok bool) {
 
 	_, err := hex.Decode(ipb[:], b[:])
 	if err != nil {
-		return netaddr.IP{}, false
+		return netip.Addr{}, false
 	}
 
 	return netaddr.IPFrom16(ipb), true

net/dns/resolver/tsdns_server_test.go

@@ -7,11 +7,11 @@ package resolver
 import (
 	"fmt"
 	"net"
+	"net/netip"
 	"strings"
 	"testing"
 
 	"github.com/miekg/dns"
-	"tailscale.com/net/netaddr"
 )
 
 // This file exists to isolate the test infrastructure
@@ -22,7 +22,7 @@ import (
 // to queries of type A it receives with an A record containing ipv4,
 // to queries of type AAAA with an AAAA record containing ipv6,
 // to queries of type NS with an NS record containing name.
-func resolveToIP(ipv4, ipv6 netaddr.IP, ns string) dns.HandlerFunc {
+func resolveToIP(ipv4, ipv6 netip.Addr, ns string) dns.HandlerFunc {
 	return func(w dns.ResponseWriter, req *dns.Msg) {
 		m := new(dns.Msg)
 		m.SetReply(req)
@@ -73,7 +73,7 @@ func resolveToIP(ipv4, ipv6 netaddr.IP, ns string) dns.HandlerFunc {
 // to queries of type A it receives with an A record containing ipv4,
 // to queries of type AAAA with an AAAA record containing ipv6,
 // to queries of type NS with an NS record containing name.
-func resolveToIPLowercase(ipv4, ipv6 netaddr.IP, ns string) dns.HandlerFunc {
+func resolveToIPLowercase(ipv4, ipv6 netip.Addr, ns string) dns.HandlerFunc {
 	return func(w dns.ResponseWriter, req *dns.Msg) {
 		m := new(dns.Msg)
 		m.SetReply(req)
@@ -220,7 +220,7 @@ func weirdoGoCNAMEHandler(target string) dns.HandlerFunc {
 // dnsHandler returns a handler that replies with the answers/options
 // provided.
 //
-// Types supported: netaddr.IP.
+// Types supported: netip.Addr.
 func dnsHandler(answers ...any) dns.HandlerFunc {
 	return func(w dns.ResponseWriter, req *dns.Msg) {
 		m := new(dns.Msg)
@@ -235,7 +235,7 @@ func dnsHandler(answers ...any) dns.HandlerFunc {
 			switch a := a.(type) {
 			default:
 				panic(fmt.Sprintf("unsupported dnsHandler arg %T", a))
-			case netaddr.IP:
+			case netip.Addr:
 				ip := a
 				if ip.Is4() {
 					m.Answer = append(m.Answer, &dns.A{

net/dns/resolver/tsdns_test.go

@@ -43,7 +43,7 @@ var (
 )
 
 var dnsCfg = Config{
-	Hosts: map[dnsname.FQDN][]netaddr.IP{
+	Hosts: map[dnsname.FQDN][]netip.Addr{
 		"test1.ipn.dev.": {testipv4},
 		"test2.ipn.dev.": {testipv6},
 	},
@@ -92,7 +92,7 @@ func dnspacket(domain dnsname.FQDN, tp dns.Type, ednsSize uint16) []byte {
 }
 
 type dnsResponse struct {
-	ip               netaddr.IP
+	ip               netip.Addr
 	txt              []string
 	name             dnsname.FQDN
 	rcode            dns.RCode
@@ -157,7 +157,7 @@ func unpackResponse(payload []byte) (dnsResponse, error) {
 			if err != nil {
 				return response, err
 			}
-			response.ip = netaddr.IPv6Raw(res.AAAA)
+			response.ip = netip.AddrFrom16(res.AAAA)
 		case dns.TypeTXT:
 			res, err := parser.TXTResource()
 			if err != nil {
@@ -234,10 +234,10 @@ func unpackResponse(payload []byte) (dnsResponse, error) {
 }
 
 func syncRespond(r *Resolver, query []byte) ([]byte, error) {
-	return r.Query(context.Background(), query, netaddr.IPPort{})
+	return r.Query(context.Background(), query, netip.AddrPort{})
 }
 
-func mustIP(str string) netaddr.IP {
+func mustIP(str string) netip.Addr {
 	ip, err := netip.ParseAddr(str)
 	if err != nil {
 		panic(err)
@@ -249,13 +249,13 @@ func TestRDNSNameToIPv4(t *testing.T) {
 	tests := []struct {
 		name   string
 		input  dnsname.FQDN
-		wantIP netaddr.IP
+		wantIP netip.Addr
 		wantOK bool
 	}{
 		{"valid", "4.123.24.1.in-addr.arpa.", netaddr.IPv4(1, 24, 123, 4), true},
-		{"double_dot", "1..2.3.in-addr.arpa.", netaddr.IP{}, false},
-		{"overflow", "1.256.3.4.in-addr.arpa.", netaddr.IP{}, false},
-		{"not_ip", "sub.do.ma.in.in-addr.arpa.", netaddr.IP{}, false},
+		{"double_dot", "1..2.3.in-addr.arpa.", netip.Addr{}, false},
+		{"overflow", "1.256.3.4.in-addr.arpa.", netip.Addr{}, false},
+		{"not_ip", "sub.do.ma.in.in-addr.arpa.", netip.Addr{}, false},
 	}
 
 	for _, tt := range tests {
@@ -274,7 +274,7 @@ func TestRDNSNameToIPv6(t *testing.T) {
 	tests := []struct {
 		name   string
 		input  dnsname.FQDN
-		wantIP netaddr.IP
+		wantIP netip.Addr
 		wantOK bool
 	}{
 		{
@@ -286,19 +286,19 @@ func TestRDNSNameToIPv6(t *testing.T) {
 		{
 			"double_dot",
 			"b..9.8.7.6.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.",
-			netaddr.IP{},
+			netip.Addr{},
 			false,
 		},
 		{
 			"double_hex",
 			"b.a.98.0.7.6.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.",
-			netaddr.IP{},
+			netip.Addr{},
 			false,
 		},
 		{
 			"not_hex",
 			"b.a.g.0.7.6.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.",
-			netaddr.IP{},
+			netip.Addr{},
 			false,
 		},
 	}
@@ -329,27 +329,27 @@ func TestResolveLocal(t *testing.T) {
 		name  string
 		qname dnsname.FQDN
 		qtype dns.Type
-		ip    netaddr.IP
+		ip    netip.Addr
 		code  dns.RCode
 	}{
 		{"ipv4", "test1.ipn.dev.", dns.TypeA, testipv4, dns.RCodeSuccess},
 		{"ipv6", "test2.ipn.dev.", dns.TypeAAAA, testipv6, dns.RCodeSuccess},
-		{"no-ipv6", "test1.ipn.dev.", dns.TypeAAAA, netaddr.IP{}, dns.RCodeSuccess},
-		{"nxdomain", "test3.ipn.dev.", dns.TypeA, netaddr.IP{}, dns.RCodeNameError},
-		{"foreign domain", "google.com.", dns.TypeA, netaddr.IP{}, dns.RCodeRefused},
+		{"no-ipv6", "test1.ipn.dev.", dns.TypeAAAA, netip.Addr{}, dns.RCodeSuccess},
+		{"nxdomain", "test3.ipn.dev.", dns.TypeA, netip.Addr{}, dns.RCodeNameError},
+		{"foreign domain", "google.com.", dns.TypeA, netip.Addr{}, dns.RCodeRefused},
 		{"all", "test1.ipn.dev.", dns.TypeA, testipv4, dns.RCodeSuccess},
-		{"mx-ipv4", "test1.ipn.dev.", dns.TypeMX, netaddr.IP{}, dns.RCodeSuccess},
-		{"mx-ipv6", "test2.ipn.dev.", dns.TypeMX, netaddr.IP{}, dns.RCodeSuccess},
-		{"mx-nxdomain", "test3.ipn.dev.", dns.TypeMX, netaddr.IP{}, dns.RCodeNameError},
-		{"ns-nxdomain", "test3.ipn.dev.", dns.TypeNS, netaddr.IP{}, dns.RCodeNameError},
-		{"onion-domain", "footest.onion.", dns.TypeA, netaddr.IP{}, dns.RCodeNameError},
+		{"mx-ipv4", "test1.ipn.dev.", dns.TypeMX, netip.Addr{}, dns.RCodeSuccess},
+		{"mx-ipv6", "test2.ipn.dev.", dns.TypeMX, netip.Addr{}, dns.RCodeSuccess},
+		{"mx-nxdomain", "test3.ipn.dev.", dns.TypeMX, netip.Addr{}, dns.RCodeNameError},
+		{"ns-nxdomain", "test3.ipn.dev.", dns.TypeNS, netip.Addr{}, dns.RCodeNameError},
+		{"onion-domain", "footest.onion.", dns.TypeA, netip.Addr{}, dns.RCodeNameError},
 		{"magicdns", dnsSymbolicFQDN, dns.TypeA, netip.MustParseAddr("100.100.100.100"), dns.RCodeSuccess},
 		{"via_hex", dnsname.FQDN("via-0xff.1.2.3.4."), dns.TypeAAAA, netip.MustParseAddr("fd7a:115c:a1e0:b1a:0:ff:1.2.3.4"), dns.RCodeSuccess},
 		{"via_dec", dnsname.FQDN("via-1.10.0.0.1."), dns.TypeAAAA, netip.MustParseAddr("fd7a:115c:a1e0:b1a:0:1:10.0.0.1"), dns.RCodeSuccess},
 		{"x_via_hex", dnsname.FQDN("4.3.2.1.via-0xff."), dns.TypeAAAA, netip.MustParseAddr("fd7a:115c:a1e0:b1a:0:ff:4.3.2.1"), dns.RCodeSuccess},
 		{"x_via_dec", dnsname.FQDN("1.0.0.10.via-1."), dns.TypeAAAA, netip.MustParseAddr("fd7a:115c:a1e0:b1a:0:1:1.0.0.10"), dns.RCodeSuccess},
-		{"via_invalid", dnsname.FQDN("via-."), dns.TypeAAAA, netaddr.IP{}, dns.RCodeRefused},
-		{"via_invalid_2", dnsname.FQDN("2.3.4.5.via-."), dns.TypeAAAA, netaddr.IP{}, dns.RCodeRefused},
+		{"via_invalid", dnsname.FQDN("via-."), dns.TypeAAAA, netip.Addr{}, dns.RCodeRefused},
+		{"via_invalid_2", dnsname.FQDN("2.3.4.5.via-."), dns.TypeAAAA, netip.Addr{}, dns.RCodeRefused},
 	}
 
 	for _, tt := range tests {
@@ -1003,7 +1003,7 @@ func TestForwardLinkSelection(t *testing.T) {
 	// routes differently.
 	specialIP := netaddr.IPv4(1, 2, 3, 4)
 
-	fwd := newForwarder(t.Logf, nil, linkSelFunc(func(ip netaddr.IP) string {
+	fwd := newForwarder(t.Logf, nil, linkSelFunc(func(ip netip.Addr) string {
 		if ip == netaddr.IPv4(1, 2, 3, 4) {
 			return "special"
 		}
@@ -1011,7 +1011,7 @@ func TestForwardLinkSelection(t *testing.T) {
 	}), new(tsdial.Dialer))
 
 	// Test non-special IP.
-	if got, err := fwd.packetListener(netaddr.IP{}); err != nil {
+	if got, err := fwd.packetListener(netip.Addr{}); err != nil {
 		t.Fatal(err)
 	} else if got != stdNetPacketListener {
 		t.Errorf("for IP zero value, didn't get expected packet listener")
@@ -1035,9 +1035,9 @@ func TestForwardLinkSelection(t *testing.T) {
 	}
 }
 
-type linkSelFunc func(ip netaddr.IP) string
+type linkSelFunc func(ip netip.Addr) string
 
-func (f linkSelFunc) PickLink(ip netaddr.IP) string { return f(ip) }
+func (f linkSelFunc) PickLink(ip netip.Addr) string { return f(ip) }
 
 func TestHandleExitNodeDNSQueryWithNetPkg(t *testing.T) {
 	if runtime.GOOS == "windows" {